In an era where digital threats evolve rapidly, application security has become paramount for businesses of all sizes. Featured.com presents a curated directory of leading application security experts, each bringing years of experience in secure software development, vulnerability management, and cybersecurity best practices. These professionals have been quoted in top tech publications, offering insights on everything from DevSecOps to threat modeling. For publishers and journalists, our directory provides quick access to authoritative voices in application security, ensuring your content is backed by current, real-world expertise. For security professionals, it's an opportunity to showcase your knowledge and connect with major media outlets seeking expert commentary. Whether you're looking to strengthen your organization's security posture or need an expert source for your next cybersecurity article, our directory puts you in touch with trusted application security specialists. Explore the profiles below to find the perfect application security expert for your project or story.
Connect directly with our network of vetted application security experts for interviews, quotes, or in-depth analysis.
Many experts respond within hours to media requests
All experts undergo background and credential verification
No fees to connect with experts for legitimate media requests
Join our network of professionals and connect with journalists and publishers looking for your expertise.
Showing 20 of 7,065 experts
Manager-AppSec at Cognizant
I am a Cybersecurity expert with ~15 years of hands-on experience in Application Security. I have a proven track record of building robust security frameworks and Security Testing Strategies to help organizations safeguard their Application landscape. I have worked with leading Industry Clients, across diverse Lines of Business in implementing Vulnerability Assessment and Penetration Testing services. I am currently pivoting to AI Safety and AI Security.
Founder & Lead Researcher at AppSec Santa
Application security researcher and founder of AppSec Santa, a curated comparison of 163+ application security tools across 10 categories. Published original research including the AI Code Security Study 2026 (tested 6 LLMs against OWASP Top 10 with 534 code samples) and the Security Headers Adoption Study (scanned 10,000+ websites). Helps security teams select the right AppSec tools through data-driven analysis.
Cybersecurity Evangelist at Infinite Security
I am an Information Security Professional with years of experience in Application Security, Penetration Testing & Information Risk Management. I have rich experience with working on complex security engagements, from designing and executing Application Security Strategy, Supply Chain Security to Compliance Consulting. Some of the topics that are fascinating to me are DevSecOps, Advancement and usage of AI in Application Security, Security Awareness and Vulnerability Management. My mission is to use my existing knowledge and expertise to assist organizations in making their applications more resilient. Always enthusiastic about sharing my insights and best practices with other security professionals and enthusiasts via talks and coffee chats.
Director of Solutions Engineering EMEA
For over 20 years, I've been on the front lines of cybersecurity, working with global organisations to help them answer critical questions like: "How effective are our security measures against a cyber attack?" My passion is empowering companies to identify and fortify their attack surface. I help leadership teams evaluate their security stack's effectiveness and build actionable roadmaps. Some of the topics I cover are Enterprise cybersecurity and strategy, culture and how it impacts cyber resilience. Emerging attacks and attacker innovation in ransomware and increasingly AI security risks. This passion for sharing actionable knowledge is why I also started writing my blog. It's my way of sharing ideas and providing insights for enterprise security defenders and educating the wider community. In my day-to-day role at Pentera, I lead a team of talented security engineers. We partner with leading organisations who are ready to embrace change. As a speaker and mentor, I enjoy challenging the norms, introducing disruptive technologies, and sharing best practices to raise the bar.
Senior Information Security Engineer at Scott Altiparmak
Scott Altiparmak is a Senior Information Security Engineer with 8+ years of experience spanning identity and access management, email security, and cloud security, with a focus on building and automating enterprise security programs end to end. He is the creator of Threat Terminal, a live game-based research platform studying how humans detect phishing in the generative AI era, and maintains open-source tools including Enterprise-Zapp and Threat Intelligence Tarot. He serves as Director of Programming for the South Florida ISSA chapter and speaks regularly at industry and academic events including Tech Hub Pulse 2026, PBSC CyberWeek, and the PBSC Cybersecurity Symposium.
Chief Hacker at ioSENTRIX
Omair Manzoor is the Founder and CEO of ioSENTRIX, a cybersecurity firm specializing in Penetration Testing as a Service (PTaaS), application security, and AI/ML security assessments. ioSENTRIX serves mid-market and enterprise clients across financial services, healthcare, SaaS, and critical infrastructure — delivering continuous security testing through a hybrid human-AI approach with audit-ready deliverables mapped to SOC 2, ISO 27001, HIPAA, and PCI DSS frameworks. The company has been featured in FOX News, NBC, CBS, AP, ABC News, Business Insider, and Yahoo Finance, and is listed on AWS Marketplace and G2. Omair's areas of expertise include penetration testing strategy, PTaaS implementation, AI/LLM security and red teaming, application security program development, vibe coding security risks, compliance-driven security testing, and continuous threat exposure management (CTEM).
Penetration Tester at ZeroThreat.ai
I’m a Penetration Tester with a solid background in cybersecurity, specializing in uncovering vulnerabilities in web applications, APIs, and cloud environments. I focus on simulating real-world attack techniques to help organizations understand their risks and strengthen their security posture. My work includes ethical hacking, threat analysis, and integrating security automation into modern development workflows. I’m currently working at ZeroThreat.ai, building an automated penetration testing tool powered by AI.
Security Engineer at Turo
An experienced security professional helping security folks discover their best with HealthyByte. Previously built and led secure design functions at Insight, secured and protected thousands of websites per day at SiteLock alongside malware research at Sectigo, and currently building and scaling security for millions of rental cars at Turo. I’m curious and a lifetime learner across every field. Areas of Expertise & Interest: ‣ Enterprise/Corporate Security ‣ Infrastructure Security ‣ AWS Cloud Security ‣ Offensive Security (Red Teaming) ‣ Incident Detection and Response
Cybersecurity Lead Member of Technical Staff
Karthikeyan Ramdass is a seasoned cybersecurity professional with over 18 years of experience securing mission-critical systems for leading Fortune 500 companies across industries including aviation, finance, automotive, and technology. I have played a pivotal role in protecting organizations such as Southwest Airlines, Wells Fargo, Morgan Stanley, Toyota Motors North America, AIG, Cognizant, Salesforce, and Deluxe Corporation. Specializing in application security, vulnerability management, secure architecture, and supply chain defense, I have led the design and implementation of enterprise-scale security frameworks, CI/CD pipelines, and advanced security testing solutions. Extensive experience in SAST, DAST, SCA, zero-day vulnerability management, and penetration testing, ensuring compliance with global standards such as NIST CSF, PCI DSS, and OWASP Top 10.
Director and Cyber Security Consultant at Positiwise InfoTech PVT. LTD
Cyber Security Consultant and Tech Enthusiast with 10+ years of experience helping businesses strengthen digital security, optimize technology strategies, and drive innovation across the Cyber Security, Business Consulting, Technology, and SaaS industries. Skilled in identifying security risks, implementing resilient solutions, and advising organizations on secure digital transformation initiatives. Passionate about emerging technologies, PKI, cloud security, SaaS ecosystems, and helping startups and enterprises build scalable, secure, and future-ready systems. Known for combining technical expertise with business insight to deliver practical solutions that enhance operational efficiency, compliance, and cybersecurity resilience.
Cybersecurity specialist, researcher at centurialabs
Cybersecurity Expert | Cyberwarfare Strategist | Founder, Centuria Labs Research
With over 25 years of specialized experience, Giovanni Battista Caria is a prominent figure in the European cybersecurity landscape. As the head of Centuria Labs Research, he has dedicated his career to advanced research in digital crime prevention and the development of impenetrable defensive architectures. His work bridges the gap between technical innovation and strategic analysis, making him a sought-after speaker at major international forums, including the International Security & Digital Council.
Literary Contribution & Strategic Insight
Caria’s extensive research has culminated in a series of influential works that address the evolving nature of digital threats from both a technical and legal perspective:
The Black Book of Cybersecurity (Il Libro Nero della Cybersecurity): A deep dive into the structural flaws of modern digital infrastructure and the methodologies of high-level cyber attacks.
The Invisible Front (Cybersecurity & Cyberwarfare): Co-authored as a comprehensive guide to the convergence of law, technology, and national security, this work serves as a manual for understanding state-sponsored digital conflict.
The Architects of Shadow (PsyOps & Information Warfare): An analytical exploration of psychological operations and social engineering, detailing how digital influence can compromise national stability and institutional trust.
Innovation in Defensive Systems
Throughout his two-decade-long career, Caria has focused on creating innovative defensive frameworks designed to be mathematically and structurally resilient. His approach at Centuria Labs emphasizes proactive threat hunting and the implementation of security layers that go beyond traditional firewalls, focusing instead on system-level integrity and zero-trust principles.
Strategic Vision
A recognized expert in the legal and technical facets of the GDPR and cyber-law, Caria integrates regulatory compliance with hard-core technical defense. His philosophy is rooted in the belief that true cybersecurity requires a holistic understanding of the "invisible front"—the space where software engineering, international law, and geopolitical interests collide.
"Cyber defense is not a static wall, but a dynamic architecture of constant anticipation and research." — Giovanni Battista Caria
Information Security Specialist
Shwetha Babu Prasad is a data security and privacy professional, speaker, and published author with nearly a decade of experience in information security. Her work focuses on advancing practical, engineering-driven approaches to protect sensitive data and reduce systemic data exposure risks. She has experience implementing data protection controls across enterprise systems to mitigate the risk of sensitive data exposure. She is the author of Why Websites Fail at Data Protection and Privacy and Data Security in the Age of AI. An active member of ISC2 and the Information Systems Security Association, she contributes to industry initiatives aligned with National Institute of Standards and Technology frameworks through the ISSA Resilience Special Interest Group. Her work advances practical, engineering driven data protection and privacy capabilities, strengthening cyber resilience across enterprise and critical infrastructure environments.
Cybersecurity Director at ITRES
Co-Founder of SG6, ITRES and DEV6. Cybersecurity consultant with a deep technical background. More than 20 years of experience in the fields of IT Security, Cybersecurity, Security Research and IT Best Practices. Dozens of accredited CVE vulnerabilities since Y2K. I publish practical offensive/defensive research: vulnerability analysis, exploitation notes, reverse engineering, and hardening/detection takeaways.
Managing Director at Peneto Labs
I am a cybersecurity professional with over 18 years of experience in offensive security, penetration testing, and cyber defense. I focus on deeply understanding complex security challenges and developing practical, real-world solutions that strengthen organizations against evolving threats. I enjoy working across various security domains and approaching problems with a hands-on, analytical mindset. My colleagues and clients describe me as a hardworking, disciplined professional who remains calm and solution-oriented when handling high-risk incidents and challenging environments. My areas of expertise include vulnerability assessment, exploit development, incident response, network security architecture, and enterprise systems administration. I hold industry-recognized certifications such as OSCP, OSCE, GWAPT, GCIH, CCNA, and RHCE, which demonstrate my commitment to continuous learning and technical excellence.
CEO at Software Secured
Founder/CTO at getcybr, inc.
Cybersecurity expert with over a decade and a half of deep-dive experience, I bring an unparalleled level of understanding and expertise in strategic Cybersecurity planning, effective risk control, and pioneering product innovation. My career reflects my role as a reliable authority for organizations of all sizes, as well as an effective liaison with different regulatory bodies.
Senior Cybersecurity Engineer at Workday
Rajyavardhan Handa is a cybersecurity engineer focused on AI/ML security and offensive security operations. His work spans designing production-grade security frameworks for enterprise AI platforms; integrating adversary simulation, penetration testing, and audit-ready evidence into complex cloud compliance environments (including federal authorization pathways); building governed crowdsourced vulnerability discovery programs at global SaaS scale; securing mission-critical cloud migrations with automated DevSecOps controls; and advancing enterprise identity governance. Mr. Handa’s contributions bridge applied engineering (secure-by-design operating models embedded into SDLC and CI/CD), measurable risk reduction outcomes (through disciplined offensive testing and vulnerability governance), and emerging threats specific to modern AI systems particularly risks affecting inference services and AI-related data exhaust visibility. He is active in the broader security community as an IEEE Senior Member, contributes research through peer-reviewed publications, serves as a peer reviewer for selective venues (including IEEE Transactions on Information Forensics and Security), and has received national/industry recognition including Cybersecurity Excellence Award and Aureum Technology Awards. He is sole inventor on a provisional patent addressing denial-of-wallet attacks on AI inference services (semantic-to-computational cost ratio analysis) and is also named as co-inventor on another provisional patent addressing AI data exhaust inventory and exposure correlation. His open-source contributions include accepted work integrated into widely deployed security/developer ecosystems such as Metasploit and Kubernetes documentation (via CNCF SIG Docs peer review).
Mr. Handa is frequently quoted as a pragmatic practitioner who translates adversarial realities - prompt/agent abuse paths, scalable offensive testing constraints, and governance-heavy vulnerability programs into controls enterprises can operationalize under compliance expectations.
Expert SEO at Adult Advisor
As a Digital Privacy Advocate and Lead SEO at Adult Advisor, I specialize in auditing digital platforms for user safety, subscription transparency, and data security. My work involves reverse-engineering complex web architectures and ensuring platforms adhere to strict consumer protection standards. With extensive experience in technical SEO and digital marketing, I help bridge the gap between user experience and web security, analyzing how online ecosystems can protect consumers from predatory billing and data breaches. I frequently share insights on technical SEO strategy, affiliate marketing, and digital privacy.
Sr. Manager - Infrastructure Security & Automation
Results-oriented technology leader with over 9 years of experience in Infrastructure Security, Automation, Generative AI, and Software-Defined Operations. Demonstrated ability to lead high-performing teams, streamline enterprise support, and execute strategic initiatives that enhance organizational resilience and operational efficiency. A seasoned cybersecurity professional, experienced in vulnerability and patch management at scale, with a strong track record of driving measurable, data-driven impact through intelligent automation. Skilled in designing and implementing secure, scalable, and compliant infrastructure solutions that align with business and regulatory goals. Proven expertise in project and program management, particularly within Agile and Scrum frameworks, with a focus on cross-functional collaboration, risk mitigation, and continuous improvement. Recognized for combining technical depth with strategic vision to deliver transformative outcomes in complex enterprise environments.
Director at Cyphere
Harman Singh, director at respected consultancy Cyphere, is an experienced security professional consulting public and private sector customers across the globe. He brings over a decade of intensive consulting experience, advising both private and public sector organisations on security matters around offensive and defensive security, particularly SOC operations maturity, CREST pen testing, risk and governance. Harman is recognised for his teaching ability; he is not just a consultant, but an educator of other experts:
Black Hat Trainer: He has delivered advanced, practical training sessions at the prestigious Black Hat security conferences.
Advanced Hacking: His training focuses on sophisticated techniques for attacking and defending complex digital infrastructure, upskilling security teams worldwide.
Corporate Consulting: Beyond training, he possesses extensive experience consulting with corporate security teams, helping them manage threats across traditional networks and cloud-based systems.
His insights—covering regulatory compliance, comments and best practices—are frequently featured in publications such as Infosecurity Magazine and Fast Company.
Publishers often seek expert quotes on timely Application Security topics such as zero-day vulnerabilities, secure API design, container security, and the implementation of security in CI/CD pipelines. Other popular areas include mobile app security, IoT device protection, and strategies for combating evolving cyber threats in web applications. Our experts provide valuable insights on best practices, industry standards, and innovative security solutions.
By joining Featured.com, Application Security experts can enhance their professional visibility and credibility. Our platform offers opportunities to be quoted in top-tier publications, potentially leading to increased industry recognition, speaking engagements, and consulting opportunities. It's an excellent way to share your insights on topics like threat modeling, secure code review, and emerging cybersecurity trends with a wider audience.
Featured.com offers access to a diverse range of Application Security experts, including penetration testers, secure coding specialists, cloud security architects, and DevSecOps professionals. Our platform connects you with thought leaders who have hands-on experience in areas such as web application firewalls, API security, and secure software development lifecycle (SDLC) practices.
Featured.com simplifies the connection process by maintaining a curated directory of Application Security experts with detailed profiles highlighting their specific areas of expertise. Publishers can easily search for and identify the most suitable experts for their articles or reports. Our platform facilitates efficient communication, allowing publishers to reach out to experts directly through our secure messaging system, streamlining the quote gathering process.